I had reported a buffer overflow in oidentd last year; it's been fixed with version 2.4.0:
https://github.com/janikrabe/oidentd/commit/49cf54c1be2faf89fd0099784acf91086df1417a
Also the release notes mention another overflow:
https://github.com/janikrabe/oidentd/blob/v2.4.0/NEWS
"Prevent overflow when too many replies are specified in the system-wide configuration file."
Version 2.4.0 is already in the tree, but not stabilized.
arches, please go ahead and stabilize =net-misc/oidentd-2.4.0
x86 stable
arm stable
ppc stable
amd64 stable
ia64 stable
ppc64 stable. Maintainer(s), please clean up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cc9a7d0c5b62ab36e04c724f5fa6877fb09a88f

commit 1cc9a7d0c5b62ab36e04c724f5fa6877fb09a88f
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-17 18:38:11 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-17 18:38:11 +0000

    net-misc/oidentd: security cleanup (#709454)

    Bug: https://bugs.gentoo.org/709454
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/oidentd/Manifest | 1 -
 net-misc/oidentd/files/oidentd-2.0.7-confd | 4 --
 .../files/oidentd-2.0.8-bind-to-ipv6-too.patch | 17 ------
 net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch | 25 ---------
 .../files/oidentd-2.0.8-log-conntrack-fails.patch | 52 ------------------
 .../oidentd/files/oidentd-2.0.8-masquerading.patch | 43 ---------------
 .../oidentd-2.0.8-no-conntrack-masquerading.patch | 41 --------------
 net-misc/oidentd/files/oidentd.conf | 22 --------
 net-misc/oidentd/files/oidentd.service | 9 ----
 net-misc/oidentd/files/oidentd.socket | 10 ----
 net-misc/oidentd/files/oidentd_at.service | 7 ---
 net-misc/oidentd/files/oidentd_masq.conf | 10 ----
 net-misc/oidentd/oidentd-2.0.8-r6.ebuild | 63 ----------------------
 13 files changed, 304 deletions(-)
GLSA Vote: No! Repository is clean, all done!